topic Re: Basic ACE questions in Application Networking

Basic ACE questions

mmertens — Mon, 14 Jul 2008 00:26:58 GMT

I'm about to do my first ACE install. I'm familiar with the CSS but am having difficulty getting my arms around some ACE concepts. Your assistance is appreciated.

1) When using mutiple contexts, does the L2 configs such as trunking, channel groups, etc go into the "admin" context or do they go in the individual contexts? Is that true with the VLAN interfaces also?

2) I'm looking at the ACE quick config guide and have a questions with the example they show (see below). In particular, their use of the "default-class" and how it is listed first in the first-match policy map...

class-map match-all L4_VIP_ADDRESS_CLASS

10 match virtual-address 172.16.110.9 any

policy-map type loadbalance first-match L7_VIP_LB_ORDER_POLICY

class CLASS-DEFAULT

serverfarm SFARM1

policy-map type multi-match L4_LB_VIP_POLICY

class L4_VIP_ADDRESS_CLASS

loadbalance vip inservice

loadbalance L7_VIP_LB_ORDER_POLICY

3) Conceptually, the Policy Map appears to me to tie in a class-map that specifies the front-end (VIP) traffic and the class-map that ties in the back-end server farm. Is that fair?

4) Does NAT happen automatically or do I need to specify it like in the CSM?

THANKS!!!

Mike.

Re: Basic ACE questions

Syed Iftekhar Ahmed — Mon, 14 Jul 2008 02:28:07 GMT

1) Ethernet Interface config (duplex, speed, ....), Trunking ,Portchannel and FT config is done in Admin context.

You assign vlans from Admin contexts to non-Admin contexts using "allocate-interface vlan" command in Admin Context. Then you create vlan interfaces in user (Or even in Admin context if needed) contexts.

2. Default-class is only used when all classes fail to match.In situations where there is no need to match any advance characteristics of the traffic, this is the only class that is used under a policy map. One such example is Layer 4 policy.

3. There are different tpe of class-maps and policy-maps on ACE. For a typical Layer 4 LB rule You need following

a. Class-map

To match traffic against Virtual address -- VIP)

b. Multi-match policy

It will create kind of "if-then-else" logic for different "Virtual address matching" class-maps.This policy matches the vip and then call the "loadbalance policy" for interesting traffic ( which selects appropriate server farm).

c. Load balance policy

It will match a different set of class maps and will select Serverfarm based on the matching criteris (default-class is used here as last resort class).

If you need to match Layer 7 stuff (url, cookies, haeaders...) then you need to create class-maps to map these conditions and these class-maps will be used in "Load balance policy-maps"

4. Source NAT doesnt happen automatically in most LB devices (same is the case here). Normally destination NAt (VIP -> Real Server) happens by default on all LB devices (Same is the case here).

HTH

Syed Iftekhar Ahmed

Re: Basic ACE questions

mmertens — Mon, 14 Jul 2008 11:50:21 GMT

Syed,

Thanks for taking the time. Good stuff....this definitely helps.

Thanks,

Mike.